Hacker Musings and OCD

How to enable the FTP server (ftpd) in Lion: PLEASE DON’T

FTP is insecure. Your password can be the single-most unbreakable string in the universe, but it doesn’t matter: it’s sent out over plain text. Moreover, anyone who’s been in the sysadmin game for more than 12 minutes has seen just about every FTP server get cornholed, literally cornholed, multiple times by securtity flaws.

The best thing the “technology community” can do is to actively discourage its use.

FTP over SSL is a better interim solution, if keeping “pure” the FTP protocol is required.

And enough about the damn “extra overhead” of SSH or SSL. We’re talking about a few bytes here, esp. when you’re on a LAN.

The sooner FTP dies, the closer we are to a world of endpoint secure protocols.